Hardware memory breakpoints

    Hardware memory breakpoints


    When I have a certain byte or range of bytes of which I know it will contain certain interesting data at some point, I usually set a hardware breakpoint on it.

    However, I noticed that it doesn't always break. For example, now I want to keep an eye on the byte at DS:[9F2020], so I set a hardware BP there. However

    (EAX = 9F2020)

    won't cause Olly to break. However

    (EDI = 9F2024)

    will cause Olly to break.

    Am I misinterpreting the adressing system in Olly? I assume that

    009F2020 | 00 00
    __________^this is the byte on 009F2020

    Do I need just to set my breakpoint a byte or 4 bytes before that?
    how did you set hardware breakpoint
    for memory read and write
    you either need to set
    hardware bp->memory on access->byte // word // dword or
    hardware bp -> memory on write ->byte // word // dword

    if you had set an execute break it will not break on access of that memory

    i dont see any problems in hw bp

    00401000 >MOV     EAX, 403000
    00401005  NOP
    00401006  NOP
    00401007  MOV     DWORD PTR DS:[EAX], EBP
    00401009  MOV     DWORD PTR DS:[EAX], EBP
    0040100B  NOP
    0040100C  NOP
    0040100D  NOP
    0040100E  CALL    00403000
    00401013  JMP     SHORT 00401013
    Log data
    Address Message
    00401009   Hardware breakpoint 2 at msgbox.00401009		<----------------- second breakpoint @401009 hit
    						 	first 401007 did not hit though eax contains 403000
    00403000   Hardware breakpoint 1 at msgbox.MsgCaption               execution hw bp hit

